Enhance Dockerfile and README to clarify user permissions and capabilities for Kerberos container
@@ -67,6 +67,9 @@ This creates `slawek/admin@REALM` and grants it full kadmin rights via the ACL.
|
||||
./scripts/run-container.sh
|
||||
```
|
||||
|
||||
Runs as user `krb5`; `CAP_NET_BIND_SERVICE` is granted to the daemon binaries at build time via `setcap`.
|
||||
|
||||
|
||||
The `kerberos_data` volume (`/var/lib/krb5kdc`) holds the realm database, configuration, and keytab. All files are written once on first start. On subsequent starts the container requires no environment variables — the persisted configuration is used as-is. Sensitive variables (`KRB5_MASTER_PASSWORD`, `KRB5_ADMIN_PASSWORD`) can be removed from the env file after the realm is initialised.
|
||||
|
||||
## Ports
|
||||
|
||||
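Review bot: The README line "Runs as user `krb5`; `CAP_NET_BIND_SERVICE` is granted to the daemon binaries at build time via `setcap`" does not say what that grant depends on at run time. File capabilities set with `setcap` do not take effect when the container is started with `no-new-privileges`, and they are not honoured when `NET_BIND_SERVICE` has been dropped from the container's bounding set (for example `--cap-drop=ALL` without adding it back). Suggest naming the daemon binaries that carry the capability and adding one sentence on these two constraints, so that someone hardening the deployment knows why the daemons can no longer bind their ports as `krb5`.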